[JIRA] (JENKINS-60110) Update AWS Java SDK

19 views
Skip to first unread message

bigdan@gmail.com (JIRA)

unread,
Nov 8, 2019, 10:54:03 AM11/8/19
to jenkinsc...@googlegroups.com
Daniel V created an issue
 
Jenkins / Bug JENKINS-60110
Update AWS Java SDK
Issue Type: Bug Bug
Assignee: Patrik Boström
Components: configuration-as-code-secret-ssm-plugin
Created: 2019-11-08 15:53
Environment: Jenkins 2.190.2
configuration-as-code-secret-ssm:1.0.0
configuration-as-code:1.32
Priority: Major Major
Reporter: Daniel V

AWS has recently released a feature to allow PODs in EKS/K8S to assume individual, fine grained roles. This allows certain pods to get IAM credentials to perform work in AWS. The blog post is here:

 

https://aws.amazon.com/blogs/opensource/introducing-fine-grained-iam-roles-service-accounts/

 

This requires an update to SDKs because the new SDKs slightly modify the DefaultCredential chain to also look for certain environment variables which point to files that contain enough data to convert the data to IAM credentials.

 

Currently, configuration-as-code-secret-ssm-plugin specifies it's aws-java-sdk as 1.11.341: https://github.com/jenkinsci/configuration-as-code-secret-ssm-plugin/blob/master/pom.xml#L43

 

The aforementioned feature requires 1.11.623, ref: https://docs.aws.amazon.com/eks/latest/userguide/iam-roles-for-service-accounts-minimum-sdk.html

If we were to update this sdk, we could use this plugin in jenkins that's running in a K8S or EKS pod without further config.
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.13.6#713006-sha1:cc4451f)
Atlassian logo

chris+jenkins@chriskilding.com (JIRA)

unread,
Dec 10, 2019, 11:06:04 AM12/10/19
to jenkinsc...@googlegroups.com
Chris Kilding commented on Bug JENKINS-60110
 
Re: Update AWS Java SDK

I recently got a request to downgrade the AWS SDK dependency on the Secrets Manager Credentials Provider plugin, to make it compatible with Cloudbees Core 2.176.4.3. The SDK downgrade also broke support for fine-grained IAM policies in that plugin. I’ve already received a bug report from a user affected by this, so this needs fixing soon.

chris+jenkins@chriskilding.com (JIRA)

unread,
Dec 10, 2019, 11:29:03 AM12/10/19
to jenkinsc...@googlegroups.com
Chris Kilding edited a comment on Bug JENKINS-60110
I recently got a request to downgrade the AWS SDK dependency on the Secrets Manager Credentials Provider plugin, to make it compatible with Cloudbees Core 2.176.4.3. I imagine the SSM plugin would have the constraint when used with Cloudbees Core.

 The SDK downgrade also broke support for fine-grained IAM policies in that my plugin. And I’ve already received a bug report from a user affected by this , so this .

So Cloudbees Core needs fixing soon its AWS SDK dependency upgraded ASAP, to enable both of our plugins to upgrade in turn .

chris+jenkins@chriskilding.com (JIRA)

unread,
Dec 10, 2019, 11:32:02 AM12/10/19
to jenkinsc...@googlegroups.com
Chris Kilding edited a comment on Bug JENKINS-60110
I recently got a request to downgrade the AWS SDK dependency on the Secrets Manager Credentials Provider plugin, to make it compatible with Cloudbees Core 2.176.4.3. I imagine any other plugin that uses AWS SDK, including the SSM plugin one, would have the same constraint when used with Cloudbees Core.

The SDK downgrade also broke support for fine-grained IAM policies in my plugin . And , and I’ve already received a bug report from a user affected by this.

So Cloudbees Core needs its AWS SDK dependency upgraded ASAP, to enable both of our plugins to upgrade in turn.

patrik@diabol.se (JIRA)

unread,
Dec 10, 2019, 12:04:04 PM12/10/19
to jenkinsc...@googlegroups.com

The plugin uses  AWS SDK Plugin https://plugins.jenkins.io/aws-java-sdk so as long as there is a version of that plugin that bundles AWS Java SDK 1.11.623, or higher the plugin should use that.

patrik@diabol.se (JIRA)

unread,
Dec 10, 2019, 12:05:03 PM12/10/19
to jenkinsc...@googlegroups.com
Patrik Boström edited a comment on Bug JENKINS-60110
The plugin uses  AWS SDK Plugin [https://plugins.jenkins.io/aws-java-sdk] so as long as there is a version of that plugin that bundles AWS Java SDK 1.11.623, or higher the plugin should use that.

As long as that version of AWS SDK plugin is installed on our Jenkins the plugin should use that version.

patrik@diabol.se (JIRA)

unread,
Dec 10, 2019, 12:05:03 PM12/10/19
to jenkinsc...@googlegroups.com
Patrik Boström edited a comment on Bug JENKINS-60110
The plugin uses  AWS SDK Plugin [https://plugins.jenkins.io/aws-java-sdk] so as long as there is a version of that plugin that bundles AWS Java SDK 1.11.623, or higher the plugin should use that.
As long as that version of AWS SDK plugin is installed on our your Jenkins the plugin should use that version.

patrik@diabol.se (JIRA)

unread,
Dec 10, 2019, 12:09:03 PM12/10/19
to jenkinsc...@googlegroups.com
Patrik Boström edited a comment on Bug JENKINS-60110
The plugin uses  AWS SDK Plugin [https://plugins.jenkins.io/aws-java-sdk] so as long as there is a version of that plugin that bundles AWS Java SDK 1.11.623, or higher the plugin should use that.
As long as that version of AWS SDK plugin is installed on your Jenkins the plugin should use that version.

The latest version includes 1.11.687 in AWS SDK plugin

patrik@diabol.se (JIRA)

unread,
Dec 10, 2019, 12:10:02 PM12/10/19
to jenkinsc...@googlegroups.com
Patrik Boström edited a comment on Bug JENKINS-60110
The plugin uses  AWS SDK Plugin [https://plugins.jenkins.io/aws-java-sdk] so as long as there is a version of that plugin that bundles AWS Java SDK 1.11.623, or higher the plugin should use that.
As long as that version of AWS SDK plugin is installed on your Jenkins the plugin should use that version.

The latest version includes 1.11.687 in AWS SDK plugin


Please test with latest version of AWS SDK plugin and report back.

patrik@diabol.se (JIRA)

unread,
Feb 23, 2020, 4:06:02 PM2/23/20
to jenkinsc...@googlegroups.com
Change By: Patrik Boström
Status: Open Fixed but Unreleased
Resolution: Not A Defect
Reply all
Reply to author
Forward
0 new messages